-
Notifications
You must be signed in to change notification settings - Fork 142
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PublicKeyCredentialCreationOptions and AssertionRequest are not serializable #18
Comments
Thanks, I've been considering that too. Will do! |
On further thought, I'm no longer sure this is a good idea, for a couple of reasons:
With that in mind we're now very hesitant to implement this. We might reconsider if there's a concrete use case with a clear benefit outweighing the risks; you're welcome to re-open the issue if you have one. |
The two classes mentioned are intended to be reused in the follow up call for registration and authentication, so they have to be stored somewhere server-side. It's cumbersome to have to serialize them to a JSON The canonical Java way of doing that is to make the classes This problem doesn't exist with loading credential data from the database because |
Implementing @jdhoek You can solve your issue in injecting your objects in the HttpSession trough a wrapper class implementing |
Are we talking about |
|
@emlun No,
@ed5s Not too surprising; |
My mistake, the class I linked to is
That sounds cool, I'd be interested in merging that if you want to. |
Interesting, I got stopped there with JDK 8. Will test again this Friday. @ed5s The general contract and intent of Setters and other methods where a parameter is expected should either not be called, or called with a non-null value. To be fair, there is a second school of Project Reactor looks quite interesting. |
For both the registration and the authentication ceremonies, the options used to to initiate them are kept server-side for the verification step. It would be very helpful if
PublicKeyCredentialCreationOptions
andAssertionRequest
could be made to implementSerializable
; that would allow developers to store instances of these classes in sessions, database, or cache without having to serialize them themselves.The text was updated successfully, but these errors were encountered: